Automatic Blocking of Codes and Cookies

Please be aware, that automatic blocking is not 100% safe! If you want to ensure compliance, you should always prefer manual blocking over automatic blocking for codes and cookies!

Common issues with the automatic blocking codes can be resolved by using the CMP Debugger Console. Please see here fore more information.

How Automatic Blocking works

In order to prevent the website visitor from data processing, the automatic blocking feature can automatically disable scripts and iframes that are integrated into a website. In this case, no additional adjustments of the scripts/iframes are necessary (whereas the manual blocking mechanism requires you to change the codes of the scripts and iframes).

When the page loads, the automatic blocking feature will load and check all scripts and iframes that are included in your website. It will then disable iframes and external scripts. It will also check if inline scripts try to set cookies and of so, it will also block these inline scripts. Scripts and iframes that are disabled can then be enabled by the CMP as soon as consent is given.

All disabled scripts/iframes are disabled the same way as if you would apply manual blocking to these codes. This means that you can use the same attributes and logic for these codes.

Integrating the Code for Automatic Blocking

In order to ensure that the automatic blocking can work, it is strictly necessary to install the blocking code directly after <head> in your websites source code and before any other <script ...> or <iframe ...> element. Place the following code into all sites of your website:

<!DOCTYPE html>
 <script src="" data-cmp-ab="1"></script>
 ... your other website codes go here ... 

Please note: The automatic blocking code cannot be loaded asynchronously/defer!

Please note: The automatic blocking code cannot be loaded using a TagManager!

Configuring Automatic Blocking

Automatic blocking can be configured unter Menu > CMPs > Edit > Other settings > Automatic blocking:

Assiging domains

If the automatic blocking finds domains on your website that are not assigned to any vendor, it will alert this to the system and inform you to apply changes:

  1. Add the automatic blocking code to your website
  2. Visit your website in order for the code to detect the domains/codes that are blocked but not assigned to a vendor
  3. Login to your account and go to Menu > CMPs
  4. Next to the CMP you should see a warning that new domains are found. Click on the warning:

  5. Assign each domain to a vendor
  6. Go to Menu > Vendors and ensure that each vendor is assigned to a purpose
  7. Ensure that necessary vendors and/or purposes are set to the right legal basis in order to prevent visitors from disabling them

What to do with unknown domains?

The crawler and blocking code will alert for new domains from time to time. It is best practice to assign as  many domains as possible. In cases when the domain is not clear to you, you can

  1. Check the domain/website in order to find out which vendor it belongs to
  2. Check the URL on which the domain was found in order to see whether the domain belongs to some plugin/tool on your website that is necessary.

If the domain does not belong to your website or should not be used, you can click on "Ignore" in order to hide the domain from the list. In case of automatic blocking, codes from this domain will remain blocked and cannot be unblocked by the visitor.

Reasons unassigned domains are found

The automatic blocking code will alert the system when domains are blocked for which no vendor can be found. Here is a list of reasons why this can happen:

  1. The blocking code will only "know" about vendors that are in your vendorlist. If a code is on your website but the corresponding vendor is not in your vendorlist, the domain for this code will be alerted so that you can add the vendor.
  2. We see many cases in which a websites are embedded in other websites (e.g. Google Cache, Google Translate or Bing Cache and so on). In this case the blocking code will not only find the codes that are included in your website but also the codes that are included in the page that embedded your content. In this case you might see domains that are not actually relevant for you and you can simply ignore them.
  3. We see many cases in which website visitors seem to use certain plugins, toolbars or simply have malware installed in their PC. In these cases the plugin/toolbar/malware can inject new HTML code into each website that the visitor sees. For example certain Antivirus tools add a "safe" icon next to each link and some malware inserts advertising into the websites. If you find domains that seem incorrect, simply ignore them.

Automatic Blocking & TagManagers

In order to prevent TagManagers from being blocked by the automatic blocking, please ensure that you add the attribute data-cmp-ab="1" to the TagManager script. For example the code of the Google TagManager could look like this:

        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],

Excluding scripts/iframes from automatic blocking

In some cases it can be necessary to exclude a script or an iframe from automatic blocking. In order to do this, please insert the attribute data-cmp-ab="1" or data-cmp-ab="2" (see here for the difference) into the script or iframe code. Example:

<script data-cmp-ab="1" src="https://..."></script>

Limitations of Automatic Blocking

Please note that Automatic Blocking is not safe due to some technical limitations. These are:

  • Automatic blocking can only work if it is the first script in the website code. If it is installed behind/under an other script or iframe, the above script or iframe cannot be blocked before loading!
  • Automatic blocking must be installed synchronously and cannot be loaded via a TagManger!
  • Although the automatic blocking script loads synchronously as the first item in the page, modern browser try to preload other sources from third parties asynchronously. This means a browser could already send a request to a third party server while loading the automatic blocking script. In this case the third party server can already process personal data and/or set cookies that cannot be blocked by the automatic blocking feature.
  • Automatic blocking will only work with modern browsers (IE11, Edge 18, Firefox 14, Chrome 18, Opera 15, Safari 7)
  • Automatic blocking will not block images that are fired using JavaScript (e.g. (new Image()).src="...";)
Back to top